The average internet user may be largely unaware that there are actually different “levels” of the internet. First, there is the surface level of the internet where companies post their webpages, and where employees may browse the news, shopping options, and Facebook. The surface level means that the internet is indexed, and can be accessed using a search engine such as Google. There is also the Deep Web, which means that the web pages cannot be accessed by a search engine because they are not indexed. In other words, you would not be able to search for or stumble upon these websites. Instead, you’d only be able to access them if you knew their exact web address. What may surprise people is that most of the internet today is actually considered part of the Deep Web. Next, there is the Dark Web, whose very name sounds a bit ominous. The Dark Web is a part of the Deep Web, but it also requires special browsers, such as TOR, and configurations in order to access it. The primary goal of the Dark Web is to maintain privacy and anonymity. While some may use this area for perfectly legitimate purposes, such as a journalist speaking to a source in private, not surprisingly, this setting can also be exploited for illegal purposes, such as drug and human trafficking and child pornography.

Employers and their IT professionals need to be aware of the risks associated with the Dark Web. An employee who accesses the Dark Web via a company network can immediately open the company network up to risks, including access by hackers. This could lead to a cyber-attack against your company.

Additionally, some sources on the Dark Web actively try to recruit “insiders” at various companies to use their employment to legitimately gain access to company information, which could then be misused or released to others. Insiders could also be used to more easily install malware into an organization’s perimeter security, which could then be used for purposes such as crashing the system, or stealing information like credit card or social security numbers. While many IT security programs today focus on outside threats, more and more companies are discovering the importance of increasing protections against insider threats for this very reason.

IT and Security personnel must continue to adapt to threats posed by the Dark Web and insider activity. Monitoring for suspicious activity such as downloading specific browsers, investing in insider threat protection, and educating your workforce about the risks and penalties with accessing company information for nefarious purposes can help limit the likelihood that the Dark Web will create havoc in your own work environment.